The biggest reveal was that Borisov was floated in the mid-1990s
as a possible informant against his alleged and widely assumed
contacts in the world of Bulgarian organised crime. On 21 February
-- just 18 days after the Balkanleaks release -- Borisov resigned
in the face of widespread corruption allegations and rising energy
prices.

No matter the act's public good, publishing the "Buddha dossier"
caused trouble for Bivol, the investigative
journalism outlet behind Balkanleaks. On 11 February, the site
stated it had been subject to a "massive smearing campaign in the
[Bulgarian] media and a recurring DDoS attack on the site." As a
result, its
editors fought back via blog post. "Bivol is now
releasing this insurance file. The key will leak automatically if
something happens to our staff."

The "Buddha dossier" was not the first time Borisov had been
linked to organized crime. Immediately following the collapse of
Bulgaria's communist regime in the mid-1990s, Borisov's private security
firm, Ipon, worked for Todor Zhivkov. Zhivkov was
Bulgaria's communist dictator from 1954 to 1989. Questions
concerning Borisov's alleged ties to organised crime came soon
after.

So Atanas
Tchobanov, a Balkanleaks
and Bivol co-founder, doesn't believe his
website was directly responsible for the fall of the Borisov
government.

"This is a very uncertain [question]," he told Ars in an
internet chat. "You remember, some people said that WikiLeaks
unleashed the Tunisian revolution. I don't believe this is the real
cause. But it's a pleasure to see slogans on the protests [such
as]: 'Buddha, we're not fools'."

And thanks to a WikiLeaks-leaked
US State Department cable from 2006 (three years before
Borisov became prime minister), we now know the US Embassy in Sofia
told Washington, DC about Borisov. He was "implicated in serious
criminal activity and maintains close ties to LUKoil [Russia's
second-largest oil company] and the Russian embassy."

That cable concludes, ominously: "In other words, we should
continue to push him in the right direction, but never forget who
we're dealing with."

The few, the proud, the leaksWikiLeaks remains under a near financial blockade, its
founder under effective house arrest after having been granted
asylum in the Ecuadorian Embassy in London. The group has yet to
release anything as substantial as last year's "Detainee
Policies" -- Balkanleaks remains one of the few "leaking sites"
still going strong. Its recent insurance-key move comes
precisely out of the WikiLeaks playbook.

More than two years ago, a flurry of new WikiLeaks
clones sprung up around the world inspired by the world's
most famous transparency-driven organisation. They
had all kinds of names: QuebecLeaks, BaltiLeaks, EnviroLeaks,
and more. PirateLeaks (based in the Czech Republic), BrusselsLeaks (Belgium) and RuLeaks (Russia) all did not
respond to Ars' requests for comments.

HonestAppalachia's Jimmy Tobias wrote to Ars to say the group
was "active indeed, and working on a variety of projects." To date,
HonestAppalachia has yet to publish anything, despite receiving a $5,000 (£3,300) grant from the Sunlight
Foundation nearly a year ago.

Most of these clones never got very far and appear to have all
but shut down. Balkanleaks seems to be just one of a handful still
actively receiving and publishing new documents.

"I think this points to the fact that what WikiLeaks did was
fairly unique and probably a few years ahead of its time," said
Trevor Timm, co-founder of the Freedom of the Press
Foundation.

So how does Balkanleaks thrive where others haven't?

Tchobanov, the site's co-founder, boils it down to one
word: Tor. It's
the open-source online anonymising tool that's become the de facto
gold standard for hiding one's tracks online. Balkanleaks provides
instructions in Bulgarian, Serbian, Macedonian, and English, and
the submission website
is only available on its Tor-enabled server.

"Tor is known and people trust Tor," he added.

On its face, what Balkanleaks has done should be easily
duplicated anywhere. "It's not hard," Tchobanov said. "Who
says it's hard?" Balkanleaks set up a website, required leakers to
use Tor, explained how and why to use Tor in local languages, and
then received and published leaked documents.

"It's not as easy as it looks to set up an anonymous site that's
safe for its users," Timm said. "We may have seen more WikiLeaks
sites become successful if the crackdown against WikiLeaks wasn't
so hard after the State Department cables. When WikiLeaks did what
they did, despite not breaking any law, they were cut off from all
sorts of finances and had a grand jury investigation opened against
them. I think this created a chilling effect for other developers
who would want to do the same thing."

Still -- with Tor as a proven, secure, and verifiable technology
-- it seems clear these sites need more than technological tools. A
successful operation needs willing leakers and an available brigade
of journalists or activists who know how to digest and process such
an influx of information, and that's
what Bivol provides. Having a quick-and-dirty
specialised site for a particular region, with journalists that the
public trusts, is also a huge asset.

Since its humble beginnings, OpenLeaks set out to be a kinder, gentler
version of WikiLeaks. Back in 2010, Domscheit-Berg told Deutsche Welle, the German broadcaster, that
OpenLeaks' aim was not to duplicate what WikiLeaks had already
done. Instead, the goal was to act as a platform that could sit on
top of existing media or activist websites. It was originally
conceived as a system that would allow for targeted and timed
leaking to certain sites, then eventually let other OpenLeaks
partners see the documents in question.

But more than anything, Domscheit-Berg specifically wanted to
open up the virtual doors to the process. WikiLeaks was, of course,
extremely secretive. In the beginning, Domscheit-Berg talked
about establishing a formal, legal, Germany-based, nonprofit
foundation.

"This foundation will support the OpenLeaks project and it will
support whistleblowing in general," he said in 2010.

In the near-term, we are looking into establishing the
proper mechanisms, responsibilities, processes and all these things
that will make sure that the people in the board of that foundation
will have a say in the critical decisions that need to be taken in
the OpenLeaks platform. We are looking into incorporating all of
this properly.

We don't want to expose that project to the same kinds of
political pressure that the WikiLeaks project is suffering from
right now. Because no one understands actually what the processes
are, who is taking decisions, how the financials work and all of
these sorts things are very obscure -- here not even necessarily
something bad is going on. These guys are asking transparency from
everyone else but they are not transparent themselves. So I think a
more open approach and a more organized approach is a better one
because you are not going to fall prey to that kind of
criticism.

Slow and steadyBy early January 2011, OpenLeaks did go live, for a time -- partnering with some
European media and activist groups. But no significant leaks came
from OpenLeaks. By August 2011, Domscheit-Berg got into a very public spat with the Chaos Computer Club that
resulted in his removal (Google Translate)
from the famed hacker group. The ejection was only the second in
the club's history.

"That was the time when we decided for the whole organisation
that we're going to do this differently," Domscheit-Berg told
Ars.

Today, the "six to ten person" OpenLeaks group continues to work
largely from a property Domscheit-Berg and his wife bought, in
a small town 55 miles north of Berlin.

"I think we are a little bit wiser today and we are
understanding the requirements a little bit
better," Domscheit-Berg said. "One of these requirements is
that the differences between organisations are much greater than we
had thought. There is some common ground, [but] the platform needs
to provide security, you need to think about how to anonymise, and
how to deal with [something that's not a] document that comes in.
Plus, when you want to embed this into an existing system, it gets
much more complicated."

In other words, while receiving PDFs (Balkanleaks said it
strongly prefers PDFs) or Word documents is one thing, what happens
if a leaker wants to send a MySQL database or something in a
non-traditional format?

"Most of the time at WikiLeaks, we were not well-known enough
for people to send in such a range of stuff," Domscheit-Berg
added.

Further, as WikiLeaks' own data dumps have shown, just because a
group publishes a set of documents doesn't make them automatically
interesting or newsworthy. It takes journalists, activists, or
other analysts to make sense of the information for public
consumption. It's this reason, Domscheit-Berg said, that OpenLeaks
felt compelled to work with groups that might want to receive
leaked documents, challenging them to think long and hard about
what they would do with such leaks.

"It doesn't help if, at the end of the day, people perceive what
you do as a product," he continued. "We think we have to make these
organisations part of the intellectual development process so that
they understand where they are today and where they want to go and
the way in between. The technical part generally is not the
complicated part. The complicated part is embedding this into an
environment so that people understand what it means. It's all the
processes that need to be created around it."

So why doesn't OpenLeaks open up its doors in the name of
transparency and release the code it's been working on?

"If we would open-source it, people would think that this is the
solution and then they would use it and they wouldn't take care,
and then something would go wrong," he said. "That is part of the
experience. The whole media and the whole NGO world, they are
facing a big learning curve of know-how to understand the
technicalities of the internet."

Given OpenLeaks' previous public setbacks, the group now seems
content to sit back and come up with a bulletproof system. Its
struggles certainly show that technology may not be the issue --
leakers need to know and trust it before they're even willing to
leak.

The German activist and his colleagues have worked quietly,
unlike those involved in the media-driven WikiLeaks story, and they
continue to provide feedback and suggestions at no charge.
Domscheit-Berg won't call it consulting because "that sounds too
much like making money" to groups like Al Jazeera
English, the German newspaper Die Zeit, and
Reporters Without Borders.

"There [was a lot of hype] about word record publications," he
added. "In order to make an impact it requires a lot of dry work
and it requires a lot of journalistic work that is not very
exciting but that requires you to stick to it and requires you to
bite into it. It doesn't feel like you're involved in a James Bond
movie."

When I jokingly asked if he was James Bond,
Domscheit-Berg didn't miss a beat: "That's another guy,
and I think you know who I mean."

Making Tor even easier to useOn the opposite end of Europe, there's another project
that may be further along in the same quest OpenLeaks started:
becoming an open-source whistleblowing platform that transforms any
individual site into its own, highly secure, individualised drop
box.

Meet the Hermes Foundation. It's an Italian non-profit
organisation currently working on version 0.2 of GlobalLeaks, what
it describes as the "first open-source whistleblowing
framework. It empowers anyone to easily set up and maintain a
whistleblowing platform."

(Hermes is behind a number of other hacktivist-style,
transparency-focused projects, including Tor2Web. Tor2Web was
co-created by the late Aaron Swartz, and Ars reported on the project back in 2008.)

The site says its beta release will be sometime in "early 2013."
It was all facilitated by a $108,000 (£72,000) grant (PDF) from the Open Technology Fund, a
program of Radio Free Asia, which is funded by the American
government.

"The GlobaLeaks server will run as a Tor Hidden Service for
security and privacy reasons," states the group's "Project
Plan" (PDF).

"Unfortunately, one of the drawbacks of Tor Hidden Services is
that they have a high latency. For this reason all of the
application logic will come bundled into the [GlobaLeaks] Client
that can be downloaded over a different channel, verified and then
loaded into the browser (as a plugin, or opened locally). The
client at this point will only do asynchronous requests to the
backend via Tor and be able to display feedback to the user on the
status of the requests."

GlobalLeaks' primary tool is the Anonymous Python
Application Framework (APAF), which was announced on
the Tor developers' email list nearly a year ago. Its goal "is to
give a container allowing anybody to build their Web application in
a way that it will automatically publish itself to the Tor network
as a Tor Hidden Service."

"If WikiLeaks was like Napster -- [a] centralised, new, and
innovative idea that showed the world the power of file-sharing --
we are like BitTorrent, the next evolution of this software that is
much more resilient, faster, and more flexible to the user needs,"
said Claudio Agosti, one of GlobalLeaks' developers.

For now though, GlobalLeaks said that few, if any, organisations
and news
outlets have made use of its platform on a consistent basis. There
don't appear to be any major leaks that have come as a result of
the GlobalLeaks platform.

"I believe that a lot of people have tried version 0.1, but they
are unhappy about the maturity of the software," he added.

GlobalLeaks thinks that part of the problem with leaking sites
is that it's too hard -- people need to be told how to use Tor and
how to protect themselves. They want to make leaking as easy as
possible and are taking a quite deliberate approach to doing
so.

Like a sieveThere's another notable leaking site that also made a name
for itself in 2013: LocalLeaks. So far, its sole "disclosure"
appears to be the publication of "The
Steubenville Files," detailing a horrific alleged rape and
kidnapping case in a small town in Ohio.

"Despite all this, it looked as though a town rife with
corruption, cronyism, illegal gambling, and fixated upon their star
high school football team (a major economic revenue engine) were
prepared to orchestrate a major cover-up in order to sweep the
entire affair under the rug," LocalLeaks writes. "As this
disclosure will document, this cover-up was perpetrated by people
in the high school administration, local government and law
enforcement."

LocalLeaks is partnering with two other groups, including
KnightSec (a splinter group of Anonymous) and Occupy Steubenville.
The latter has largely orchestrated in-person protests in the
town.

"All three of these entities have their own objectives and
tactics, as well as their realm of responsibility within the
over-arching Operation," LocalLeaks wrote to Ars in an anonymous
email. "Anonymous, as led by KnightSec -- desire justice and use
standard cyber-activist strategies to work toward that goal. Occupy
Steubenville desire a reformation of corrupt civil life in
Steubenville and utilise the standard Occupy methods of protest to
achieve this. LocalLeaks wants only to reveal the truth, and we use
the industry standard method of disclosure to do this. All three of
these entities are distinct in organisation and purpose, yet we are
in constant communication every day and coordinate our efforts
within the Operation."

LocalLeaks claims to be receiving leaks "every day," and so far
has received "in excess of 1,000 separate leaks," from "students,
administrators, attorneys, police officers, government officials,
and employees" in Steubenville and the region.

Largely, though, the narrative LocalLeaks outlined on its site
is composed of damning photos, tweets, and other evidence. It
entails "a small group of high school students and other
individuals (including one member of the 'Rape Crew') who were
eye-witness to some part of the events that unfolded the night Jane
Doe was attacked. All have come forward to us and identified
themselves and agreed to cooperate with us in piecing together
exactly what happened to Jane Doe that night."

LocalLeaks makes use of the German Privacy Foundation's
open-sourced PrivacyBox, which
includes OpenPGP encryption, as well as AnonFiles, which makes zero
verifiable claims with respect to privacy.

Still, at the end of the day, LocalLeaks exemplifies the fact
that all these sites are dependent on individuals coming forward.
The sites also need to have a group of outside volunteers who will
sit together to assemble what's been leaked. If Steubenville
residents had simply just dumped a bunch of documents all of a
sudden, it seems unlikely that anyone would be paying as much
attention.

More than a forumFor now, there are only a few active leaking sites -- with
perhaps a couple others on the way -- but many experts say the
ecosystem won't grow on its own. After all, leaking sites remain
dependent on leakers' willingness to bring a document or other
piece of information into the light.

"By far the majority of leaks have nothing to do with encrypted
e-mails -- they have to do with brave people within various
bureaucracies having relationships with enterprising journalists,"
said Ben Wizner,
the director of the American Civil Liberties Union's Speech,
Privacy & Technology Project.

"Technology can aid whistleblowing, but technology is not a
solution. It doesn't create the courageous patriotic whistleblower
who is willing to face risk to expose illegality.
It doesn't create that person because it cannot create a
foolproof way to leak without detection and punishment -- and I
don't think [such sites purport] to. What the leaking sites are
trying to do is to minimise the risk of leaking, but they can't
eliminate that risk. We still need brave human beings. It doesn't
replace the person who has to make a moral decision -- and a moral
decision with some risk."